s3:libsmb: always create bytes array in cli_trans code

Otherwise we return NO_MEMORY without a reason for fragmented trans
requests, as talloc_append_blob() returns buf if we append a 0 length
blob. When we pass buf = NULL we'll get back NULL and then assume
NO_MEMORY...

metze
(cherry picked from commit 88dd6af605dc5754b7e146a068272d37651da710)
(cherry picked from commit 5bbf96dd63227a19fe1f95ff8d8f2b3c75a5a497)

1 files changed, 14 insertions, 5 deletions

diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index f5794ea04e6..0266c0307e5 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -731,6 +731,7 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx,
 	uint16_t this_data = 0;
 	uint32_t useable_space;
 	uint8_t cmd;
+	uint8_t pad[3];
 
 	frame = talloc_stackframe();
 
@@ -743,9 +744,16 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx,
 
 	param_offset = smb_size - 4;
 
+	bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 0); /* padding */
+	if (bytes == NULL) {
+		goto fail;
+	}
+
 	switch (cmd) {
 	case SMBtrans:
-		bytes = TALLOC_ZERO_P(talloc_tos(), uint8_t); /* padding */
+		pad[0] = 0;
+		bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes,
+						data_blob_const(pad, 1));
 		if (bytes == NULL) {
 			goto fail;
 		}
@@ -759,13 +767,14 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx,
 		param_offset += talloc_get_size(bytes);
 		break;
 	case SMBtrans2:
-		bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 3); /* padding */
+		pad[0] = 0;
+		pad[1] = 'D'; /* Copy this from "old" 3.0 behaviour */
+		pad[2] = ' ';
+		bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes,
+						data_blob_const(pad, 3));
 		if (bytes == NULL) {
 			goto fail;
 		}
-		bytes[0] = 0;
-		bytes[1] = 'D';	/* Copy this from "old" 3.0 behaviour */
-		bytes[2] = ' ';
 		wct = 14 + state->num_setup;
 		param_offset += talloc_get_size(bytes);
 		break;